How to Make Linux Microservice-aware with Cilium and eBPF

Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2Mb3oWl.

Thomas Graf talks about a new efficient in-kernel programming language called eBPF. It allows everyone to extend existing kernel components or glue them together in new forms without requiring to change the kernel itself. Filmed at qconsf.com.

Thomas Graf is co-founder & CTO at Covalent and creator of the Cilium project. Before this, he has been a Linux kernel developer at Red Hat for many years. Over the more than 15 years working on the Linux kernel, he was involved in a variety of networking and security subsystems. For the past couple of years, he has been involved in the development of BPF and XDP.

How to Make Linux Microservice-aware with Cilium and eBPF

2.
InfoQ.com: News & Community Site
• Over 1,000,000 software developers, architects and CTOs read the site world-
wide every month
• 250,000 senior developers subscribe to our weekly newsletter
• Published in 4 languages (English, Chinese, Japanese and Brazilian
Portuguese)
• Post content from our QCon conferences
• 2 dedicated podcast channels: The InfoQ Podcast, with a focus on
Architecture and The Engineering Culture Podcast, with a focus on building
• 96 deep dives on innovative topics packed as downloadable emags and
minibooks
• Over 40 new content items per week
Watch the video with slide
synchronization on InfoQ.com!
https://www.infoq.com/presentations/
linux-cilium-ebpf

3.
Purpose of QCon
- to empower software development by facilitating the spread of
knowledge and innovation
Strategy
- practitioner-driven conference designed for YOU: influencers of
change and innovation in your teams
- speakers and topics driving the evolution and innovation
- connecting and catalyzing the influencers and innovators
Highlights
- attended by more than 12,000 delegates since 2007
- held in 9 cities worldwide
Presented at QCon San Francisco
www.qconsf.com

4.
About the Speaker
Thomas Graf
● Linux kernel developer for ~15 years working on
networking and security
● Helped write one of the biggest monoliths ever
● Worked on many Linux components over the years (IP,
TCP, routing, netfilter/iptables, tc, Open vSwitch, …)
● Creator of Cilium to leverage BPF in a cloud native and
microservices context
● Co-Founder & CTO of the company building Cilium
2

10.
8
Problem #3: Development Process
The Good:
● Open and transparent process
● Excellent code quality
● Stability
● Available everywhere
● Almost entirely vendor neutral
The Bad:
● Hard to change
● Shouting is involved (getting better)
● Large and complicated codebase
● Upstreaming code is hard, consensus has to
be found.
● Upstreaming is time consuming
● Depending on the Linux distribution,
merged code can take years to become
generally available
● Everybody maintains forks with 100-1000s
backports

23.
What is Cilium?
At the foundation of Cilium is the new Linux kernel
technology BPF, which enables the dynamic insertion
of powerful security, visibility, and networking control
logic within Linux itself. Besides providing traditional
network level security, the flexibility of BPF enables
security on API and process level to secure
communication within a container or pod.
Read More
Cilium is open source software for transparently
providing and securing the network and API
connectivity between application services deployed
using Linux container management platforms like
Kubernetes, Docker, and Mesos.
21

24.
Project Goals
22
Approachable BPF
● Make the efficiency and flexibility of BPF
available in an approachable way
● Automate program creation and
management
● Provide an extendable platform
Microservices-aware Linux
● Use the flexibility of BPF to make the Linux
kernel aware of cloud native concepts
such as containers and APIs.
Security
● Use the additional visibility of BPF to
provide security for microservices
including:
○ API awareness
○ Identity based enforcement
○ Process level context enforcement
Performance
● Leverage the execution performance and
JIT compiler to provide a highly efficient
implementation.